OPSEC evolves with the times

  • Published
  • By Daryl Mayer, AFLCMC Public Affairs

WRIGHT-PATTERSON AFB, Ohio (AFLCMC) – While Operations Security is as old as warfare, the expansion of the virtual information space has presented new challenges. 
“No, it may not deal with classified, but it certainly deals with sensitive information and indicators that will enable an enemy, an adversary, or even a competitor in modern terms, to be successful in diminishing our operations or mission success,” said Jeff Jeghers, Director of Information Protection for the Digital Directorate at Hanscom AFB, Massachusetts. 

Jeghers joined with Patrick Dolan, B-52 Division Security Chief, Mark Collins, AFMC Operations Security Program Manager and Hallie Filson, a Palace Acquire intern fresh from a rotation with the Bombers Directorate, on a recent episode of AFLCMC’s Leadership Log podcast to discuss developments in OPSEC. 
One major change was the DoD-wide implementation of the Controlled Unclassified Information regime just when the COVID lockdown was happening.     
“FOUO [For Official Use Only] is what we were doing, now we have to do CUI,” said Dolan.  “But, can we do CUI over our networks?” 
The answer was a resounding “it depends” based on which government agency directive was consulted.  What followed was in some cases the development of new platforms like ZoomGov, turning off browsers in some locations and pushing out the most current software security updates. 
“That was a major challenge right off the bat when we went into this lockdown telework set up,” Dolan said. 
Beyond electronic systems, the physical location of employees was also a challenge. 
“The environment is one of the biggest factors to consider with respect to information no longer is discussed in a government facility amongst government people or on government equipment,” Collins said.  “Now, you’re in your home environment or in an apartment and you have families, friends and others around.  That's one of the biggest challenges I think that we should consider working in a hybrid, remote or any teleworking environment is that we lose the ability to have a protected environment.” 
Early on, Filson was on a team looking at innovative ways to protect electronic systems being used in new ways and new locations, such as the growing reliance on e-mail.  Her group created a keyword list based on the critical program information list and used that to scan communications traffic.    
“At the conclusion of the mission, we got specific examples of e-mails that were sent that even though the information wasn’t CUI, maybe we should talk about how to protect it better,” Filson said.  “Given all of these wonderful tools through this monitoring mission, our unit was able to have a discussion and say, ‘This is what we see when we communicate for these electronic systems. Let's reframe what we think about when we talk about security.’”     

To hear the full conversation, you can watch Leadership Log on YouTube at https://youtu.be/kAUKl1Hy8Jo.  You can also listen by searching “Leadership Log” on Apple Podcast, Google Podcast, Spotify, Overcast, Radio Public or Breaker.